Günther Deschner [Fri, 1 Oct 2010 17:48:11 +0000 (19:48 +0200)]
s3-dcerpc: no point for printing NDR twice for internal pipes in log level 10.
Guenther
Günther Deschner [Fri, 1 Oct 2010 08:34:14 +0000 (10:34 +0200)]
samba: share readline wrappers among all buildsystems.
Guenther
Günther Deschner [Fri, 1 Oct 2010 08:33:32 +0000 (10:33 +0200)]
s3-readline: move cmd_history to smbclient, the only user.
Guenther
Günther Deschner [Fri, 1 Oct 2010 08:08:15 +0000 (10:08 +0200)]
samba: share select wrappers.
Guenther
Andrew Tridgell [Fri, 1 Oct 2010 20:07:42 +0000 (13:07 -0700)]
s4-auth: fixed a vagrind error when creating keytabs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 1 Oct 2010 20:07:04 +0000 (13:07 -0700)]
autobuild: revert a bit more of the subunit changes
still not quite right - we can enable this again once its fully tested
Andrew Tridgell [Fri, 1 Oct 2010 18:31:28 +0000 (11:31 -0700)]
autobuild: disable the subuit changes for now - they break error checking
Andrew Tridgell [Fri, 1 Oct 2010 18:17:04 +0000 (11:17 -0700)]
autobuild: fixed the tuples in the retry_task
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 1 18:22:22 UTC 2010 on sn-devel-104
Andrew Tridgell [Fri, 1 Oct 2010 18:12:24 +0000 (11:12 -0700)]
autobuild: cwd is needed on all command types
Andrew Tridgell [Fri, 1 Oct 2010 17:26:49 +0000 (10:26 -0700)]
s4-rpmd: fixed a use after realloc bug
we could use old_el after the base message had been re allocated, due
to adding timestamps. We need to re-find the element before using it
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 1 Oct 2010 17:24:46 +0000 (10:24 -0700)]
s4-dsdb: fail the transaction instead of asserting on error
It is more useful to fail the transaction and give the user an error
message than to assert when we have an error in the repl_meta_data
module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Fri, 1 Oct 2010 15:45:47 +0000 (17:45 +0200)]
autobuild: Avoid unnecessary chdir() calls.
Jelmer Vernooij [Fri, 1 Oct 2010 12:25:55 +0000 (14:25 +0200)]
autobuild: Output test results in subunit.
Jelmer Vernooij [Fri, 1 Oct 2010 11:39:28 +0000 (13:39 +0200)]
s3-selftest: fix prefix in subunit output.
Jelmer Vernooij [Fri, 1 Oct 2010 11:30:01 +0000 (13:30 +0200)]
s3: Add subunit-test target.
Jelmer Vernooij [Fri, 1 Oct 2010 11:17:58 +0000 (13:17 +0200)]
s3-configure: Require at least version 1.2.6 of external TDB, which has
TDB_INCOMPATIBLE_HASH.
Jelmer Vernooij [Fri, 1 Oct 2010 10:59:40 +0000 (12:59 +0200)]
s4: Add 'subunit-test' make target.
Jelmer Vernooij [Fri, 1 Oct 2010 10:19:56 +0000 (12:19 +0200)]
autobuild: Provide more information about build sequence, stage name and output mime type (all plain text for now).
Jelmer Vernooij [Fri, 1 Oct 2010 09:28:48 +0000 (11:28 +0200)]
autobuild: Add --always-email option.
Jelmer Vernooij [Fri, 1 Oct 2010 02:42:59 +0000 (04:42 +0200)]
autobuild-remote: Support autobuild.py rather than land.py.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Oct 1 09:46:37 UTC 2010 on sn-devel-104
Jelmer Vernooij [Fri, 1 Oct 2010 02:11:21 +0000 (04:11 +0200)]
Remove land.py - it's been obsoleted by autobuild.py.
Jelmer Vernooij [Fri, 1 Oct 2010 00:53:38 +0000 (02:53 +0200)]
autobuild: Add --daemon option.
Jelmer Vernooij [Wed, 29 Sep 2010 00:52:36 +0000 (00:52 +0000)]
autobuild: Remove autogen step for projects that have checked in configure.
Jelmer Vernooij [Wed, 29 Sep 2010 00:38:18 +0000 (02:38 +0200)]
autobuild: Simplify find_git_root.
Jelmer Vernooij [Wed, 29 Sep 2010 00:29:02 +0000 (02:29 +0200)]
pidl: Fix handling of typedefs of typedefs.
Günther Deschner [Fri, 1 Oct 2010 04:42:58 +0000 (06:42 +0200)]
s3-spoolss: fix do_drv_upgrade_printer() which must have been broken since the
days we moved away from fstrings.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:08:47 +0000 (06:08 +0200)]
s3-net: better handle obscure 0x80070002 error reply when trying to update an
not yet published printer.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:08:12 +0000 (06:08 +0200)]
s3-net: make sure we dont crash when publishing a single printer.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:07:25 +0000 (06:07 +0200)]
s3-spoolss: make sure we dont crash on NULL setprinter level2 elements as seen from win7.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:05:38 +0000 (06:05 +0200)]
s3-spoolss: dont overwrite location change notify.
Guenther
Andrew Tridgell [Fri, 1 Oct 2010 03:56:20 +0000 (20:56 -0700)]
s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
this fails intermittently on sn-devel. Guenther suggested adding it to
knownfail
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 1 04:37:36 UTC 2010 on sn-devel-104
Andrew Bartlett [Fri, 1 Oct 2010 03:13:34 +0000 (20:13 -0700)]
heimdal: added verbose logging of hemimdal crypto errors
Andrew Tridgell [Fri, 1 Oct 2010 02:41:50 +0000 (19:41 -0700)]
autobuild: fixed the --tail option for new log locations
Andrew Tridgell [Thu, 30 Sep 2010 22:24:58 +0000 (15:24 -0700)]
s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 22:02:50 +0000 (15:02 -0700)]
s4-spn: don't try and send an empty SPN list
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Fri, 1 Oct 2010 01:31:06 +0000 (01:31 +0000)]
selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.
Andrew Tridgell [Fri, 1 Oct 2010 00:24:50 +0000 (17:24 -0700)]
selftest: fixed a selftest error on sn
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Thu, 30 Sep 2010 23:41:58 +0000 (01:41 +0200)]
delete_object: Remove unnecessary pass calls.
Jelmer Vernooij [Thu, 30 Sep 2010 23:05:12 +0000 (01:05 +0200)]
s4-selftest: Remove unnecessary PYTHONPATH overrides.
Jelmer Vernooij [Thu, 30 Sep 2010 16:29:58 +0000 (18:29 +0200)]
s4-selftest: Normalize paths.
Jelmer Vernooij [Thu, 30 Sep 2010 16:23:20 +0000 (18:23 +0200)]
s4-selftest: Finish conversion of selftest.sh to Python.
Jelmer Vernooij [Thu, 30 Sep 2010 12:55:04 +0000 (14:55 +0200)]
s4-selftest: Convert tests.sh to Python.
Andrew Tridgell [Thu, 30 Sep 2010 21:42:02 +0000 (14:42 -0700)]
autobuild: push of ref/notes/commits isn't allowed in master
metze may enable this later
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 30 22:25:02 UTC 2010 on sn-devel-104
Andrew Tridgell [Thu, 30 Sep 2010 19:45:00 +0000 (12:45 -0700)]
s4-provision: wipe the old keytabs when provisioning
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:44:39 +0000 (12:44 -0700)]
s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
we need to fetch the msDS-keyVersionNumber from the writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:43:45 +0000 (12:43 -0700)]
s4-drs: put the GCSPN flag into the repsTo if requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:43:14 +0000 (12:43 -0700)]
s4-libnet: wipe the old keytab when exporting
this prevents confusion with old keytab entries
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:42:35 +0000 (12:42 -0700)]
s4-dsdb: silence the domainFunctionality not setup warning
Andrew Tridgell [Thu, 30 Sep 2010 17:41:36 +0000 (10:41 -0700)]
autobuild: added much better email reporting
logs are now accessible via http://git.samba.org
Andrew Tridgell [Thu, 30 Sep 2010 16:37:42 +0000 (09:37 -0700)]
autobuild: fixed exit status
this should fix the case where we don't send logs on failure
Andrew Tridgell [Thu, 30 Sep 2010 06:30:18 +0000 (23:30 -0700)]
s4-drs: added support for level 10 of getncchanges
added a simple mapping from req8
Zahari Zahariev [Thu, 30 Sep 2010 01:13:02 +0000 (04:13 +0300)]
LDAPCmp feature to compare nTSecurityDescriptors
New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
compatison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Volker Lendecke [Wed, 29 Sep 2010 10:17:05 +0000 (12:17 +0200)]
s3: Add "smbcontrol winbindd ip-dropped <local-ip>"
This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.
Volker Lendecke [Thu, 30 Sep 2010 14:27:42 +0000 (16:27 +0200)]
s3: Re-introduce a procid_self()
Giving the parent pid to reinit_after_fork is not a good idea....
None of the other callers do this, checked it.
Volker Lendecke [Thu, 30 Sep 2010 13:17:09 +0000 (15:17 +0200)]
s3: Fix a typo in dump-domain-list smbcontrol usage msg
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:38 +0000 (10:31 +0200)]
s4-selftest: Add some more comments to skip file.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:29 +0000 (10:31 +0200)]
selftest: Eliminate some unnecessary spaces.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:03 +0000 (10:31 +0200)]
selftest: Avoid accessing deprecated BaseException.message.
Thanks to Andreas for pointing this out.
Jelmer Vernooij [Thu, 30 Sep 2010 07:29:42 +0000 (09:29 +0200)]
subunit: Import new upstream snapshot (adds subunit_progress())
Jelmer Vernooij [Thu, 30 Sep 2010 07:18:01 +0000 (09:18 +0200)]
testtools: Import new upstream snapshot.
Andrew Tridgell [Thu, 30 Sep 2010 05:08:48 +0000 (22:08 -0700)]
s4-drepl: don't call UpdateRefs on a RODC
we use the ADD_REF bit in getncchanges instead
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 05:04:21 +0000 (22:04 -0700)]
s4-drepl: fixed the checking of replica_flags in the drepl server
we were incorrectly avoiding a getncchanges when WRIT_REP was not set
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 05:03:35 +0000 (22:03 -0700)]
s4-kcc: fixed the replica_flags in repsFrom in the kcc
if our calculated replica_flags doesn't match the ones in our repsFrom
then update it
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 05:02:54 +0000 (22:02 -0700)]
idl-drsuapi: fixed another replica_flags that should use the bitmap
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 00:33:49 +0000 (17:33 -0700)]
s4-dns: send A record updates via TKEY
Günther Deschner [Thu, 30 Sep 2010 00:28:41 +0000 (02:28 +0200)]
s3-spoolss: make sure to exit early and with the appropriate error code in
_spoolss_GetPrinterDriver2.
Guenther
Günther Deschner [Thu, 30 Sep 2010 00:05:36 +0000 (02:05 +0200)]
spoolss: use the correct flags for spoolss_PrinterInfo1 struct.
Guenther
Günther Deschner [Wed, 29 Sep 2010 02:51:56 +0000 (04:51 +0200)]
s3-spoolss: Fix servername/printername handling which turns out to be very important to get right.
Guenther
Günther Deschner [Wed, 29 Sep 2010 02:49:57 +0000 (04:49 +0200)]
s4-smbtorture: add new EnumPrinters test to test printername/servername
behaviour in EnumPrinter and GetPrinter calls.
Guenther
Andrew Tridgell [Wed, 29 Sep 2010 23:35:52 +0000 (16:35 -0700)]
s4-samldb: also set a password on the krbtgt_NNNN account
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 22:50:04 +0000 (15:50 -0700)]
s4-devel: added new options to getncchanges script
added --pas, --dest-dsa and --replica-flags options
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Wed, 29 Sep 2010 22:49:15 +0000 (15:49 -0700)]
s4-drs: implement PAS checks and access checks for getncchanges
This implements partial attribute set checking on getncchanges. If the
client sends a partial_attribute_set then we only return the specified
attributes.
This also implements access checking on the NC root for the access
right GUIDs for requests with and without reveal secrets
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Wed, 29 Sep 2010 22:46:23 +0000 (15:46 -0700)]
s4-drs: added drs_security_access_check_nc_root()
this checks securiity on the NC root of the specified naming context
Andrew Tridgell [Wed, 29 Sep 2010 22:45:27 +0000 (15:45 -0700)]
util: added BINARY_ARRAY_SEARCH_V()
this is used to search an array of values
Andrew Tridgell [Wed, 29 Sep 2010 06:19:26 +0000 (23:19 -0700)]
s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 06:18:47 +0000 (23:18 -0700)]
libds: added more UF_ -> ACB_ flags mappings
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 29 Sep 2010 08:47:34 +0000 (10:47 +0200)]
midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
metze
Stefan Metzmacher [Wed, 29 Sep 2010 07:37:05 +0000 (09:37 +0200)]
midltests: support for fragmented RPC traffic
metze
Stefan Metzmacher [Wed, 29 Sep 2010 07:06:58 +0000 (09:06 +0200)]
midltests: print out the alloc_hint for requests and responses
metze
Stefan Metzmacher [Wed, 29 Sep 2010 04:03:08 +0000 (06:03 +0200)]
midltests: improve NDR64 downgrade
metze
Stefan Metzmacher [Wed, 29 Sep 2010 08:28:29 +0000 (10:28 +0200)]
midltests: revert to a simple default midltests.idl
metze
Günther Deschner [Wed, 29 Sep 2010 06:54:00 +0000 (08:54 +0200)]
s3-waf: add basic make test infrastructure, not able to test yet.
Guenther
Günther Deschner [Wed, 29 Sep 2010 06:49:39 +0000 (08:49 +0200)]
s3-waf: clean up socket-wrapper and nss-wrapper a little.
Guenther
Günther Deschner [Wed, 29 Sep 2010 06:48:49 +0000 (08:48 +0200)]
s3-waf: add vlp binary.
Guenther
Andrew Tridgell [Wed, 29 Sep 2010 03:47:03 +0000 (20:47 -0700)]
s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call
we can't do SPN updates via sam writes and replication, as the sam is
read-only
Andrew Tridgell [Wed, 29 Sep 2010 03:46:15 +0000 (20:46 -0700)]
s4-drsutils: expose DsBind() call in drs_utils.py
this will be used by samba_spnupdate
Andrew Tridgell [Wed, 29 Sep 2010 03:43:58 +0000 (20:43 -0700)]
s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.
By forcing TZ=GMT in these scripts we avoid the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Wed, 29 Sep 2010 02:35:56 +0000 (19:35 -0700)]
s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
Andrew Tridgell [Wed, 29 Sep 2010 02:11:34 +0000 (19:11 -0700)]
s4-provision: simplify our generated krb5.conf
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 02:10:27 +0000 (19:10 -0700)]
s4-kdc: RODC DCs should be able to produce forwardable tickets
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 02:09:58 +0000 (19:09 -0700)]
heimdal: fixed timegm UTC/GMT bug
This was a wonderful bug!
On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 02:07:43 +0000 (19:07 -0700)]
s4-sam: fixed termination of krbtgt_attrs (comma and NULL)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 01:01:21 +0000 (18:01 -0700)]
ldb-dn: don't crash on NULL in ldb_binary_encode_string()
Thanks to Nadya for finding this one!
Andrew Bartlett [Tue, 28 Sep 2010 23:06:39 +0000 (09:06 +1000)]
s4-kdc Ensure that an RODC may act as a server (needed to fill
the krbtgt role).
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 20:44:33 +0000 (06:44 +1000)]
heimdal Use a seperate krb5_auth_context for the delegated credentials
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentiation with the target server.
Andrew Bartlett
Stefan Metzmacher [Tue, 28 Sep 2010 07:57:22 +0000 (09:57 +0200)]
midltests/todo: add some random idl files I had tested month ago
metze
Stefan Metzmacher [Wed, 29 Sep 2010 00:36:51 +0000 (02:36 +0200)]
midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example
metze
Stefan Metzmacher [Wed, 29 Sep 2010 00:50:19 +0000 (02:50 +0200)]
midltests: add some usefull defines to midltests.idl
metze
Stefan Metzmacher [Wed, 29 Sep 2010 00:35:54 +0000 (02:35 +0200)]
midltests: make it possible to allow downgrades to NDR32
metze
Stefan Metzmacher [Tue, 28 Sep 2010 09:04:59 +0000 (11:04 +0200)]
midltests: add a midltests_tcp.exe tool
This uses a man in the middle approach in order to dump the
request and response pdus.
It also tests NDR32 and NDR64.
metze